SEC hit by database breach in 2016

The compromised database is known as EDGAR.
Securities and Exchange Commission HQ in Washington, D.C. (Flickr user arsheffield)

The Securities and Exchange Commission was the victim of a breach last year, the agency revealed Thursday.

SEC chairman Jay Clayton said in a statement that while the breach in a database housing detailed financial reports was detected last year, it wasn’t until last month that the SEC suspected the hackers used the compromised information for insider trading, CyberScoop reports.

The compromised database is known as EDGAR (Electronic Data Gathering, Analysis, and Retrieval) and stores sensitive corporate disclosures that are not yet available to the public. That kind of information can give traders an unfair and illegal advantage if it is used for stock trading.

“Specifically, a software vulnerability in the test filing component of our EDGAR system, which was patched promptly after discovery, was exploited and resulted in access to nonpublic information,” the Clayton said.


The SEC doesn’t believe that the breach disrupted its operations or gave hackers access to personal information.

The revelation came in brief part of a statement released Wednesday about the commission’s cybersecurity policy. The statement did not give a reason why the breach wasn’t announced sooner.

Read more about the breach on CyberScoop.

Latest Podcasts